How to Host a Conference

Revision as of 10:34, 10 January 2012 by Sarah Baso (Talk | contribs)

Jump to: navigation, search



Our intent in posting these guidelines at the OWASP web site is to give conference planners something more than "Good Luck" as they prepare to host an event. While it is almost impossible to cover EVERY detail of planning, we think we have put together a fairly comprehensive series of recommendations. Just ask anyone who has put together an event of any size and they will tell you it's hard work, but can also be a lot of fun. We are an open community, so your peers are often a great resource. Refer to some of the other conference pages and contact the conference planners directly for advice. Different types of OWASP Events (see the Event Definition tab) have a few requirements imposed on them. See the requirements tab for details.


The Global Conferences Committee is responsible for coordinating all OWASP conferences and events. If you have any questions or comments feel free to ask them at

Global Conferences Committee Chair is Mark Bristow

Global Conferences Committee Operational Support is Sarah Baso

OWASP Operations Director is Kate Hartmann

Event Definition

All OWASP events will fall into one of the following categories. If you are unsure as to what types of event you would like to plan contact us and for further clarification or to help define the scope of your event. Please also note that various types of events have some requirements set for them, see the policies/requirements tab for details

OWASP Global AppSec Conference

These conferences are the flagship of the OWASP outreach effort. This will be an international conference sponsored by OWASP and approved by the OWASP Staff along with a small group of community event reviewers. AppSec Conferences include multiple days of multi-track plenary sessions in addition to pre-conference training offerings. AppSec Conferences, schedules, and trainings must be reviewed by the OWASP Staff and will receive the full support of the OWASP Foundation. In any calendar year, there will be no more than 4 AppSec Conferences of this size. Locations will be determined the prior year and planning must begin at a minimum of 12 months in advance. The talent and services of volunteers are crucial to OWASP AppSec Conference success. That is the reason why it is important to establish standards and guidelines for volunteer so that both the volunteer and OWASP staff understand the parameters of the relationship up front. Volunteers that cancel at the last minute and produce limited results encumber OWASP mission, costing it money and preventing it from fulfilling its fundraising goals. A reliable volunteer with a strong work ethic can go a long way towards helping OWASP meet its goals. Before getting the approval to organize an OWASP AppSec Conference the Conference Organizers should: First, make a personal commitment to be there for OWASP. And second, read and fill out and sign the volunteer agreement.

OWASP Regional/Theme Conference

Regional/Theme conferences typically have lower attendance than AppSec conferences and typically include multiple days of single track plenary sessions. Training may or may not be offered at the discretion of the regional conference planning team. Regional conferences are not subject to the same rigor as AppSec conferences in terms of planning and only require the local planning team enter the event into the OWASP Conference Management System for review and approval by OWASP Staff and a small group of community reviewers. Regional conferences are encouraged to have a unique theme (development, Research, PHP, Government, Browsers...) to help differentiate them, although this is not required. Regional teams are free to brand their conference as they wish, as long as the OWASP affiliation is maintained, with the exception of the moniker "OWASP Global AppSec" which is reserved only for Global AppSec conferences.

OWASP Local Event

Events are typically single day or "OWASP Day" type events that are generally local in nature. Events typically have only one track and span anywhere from a half to a full day. Planning for these events is at the sole discretion of the event team and may be branded in any manner so long as the OWASP affiliation is maintained. In general, significant OWASP Foundation support will not be available for these events.

Partner Event

Partner events are events of any type where OWASP partners with another non-profit organization to co-host an event. These events sometimes require close examination as the terms of the partnering agreement need to be reviewed to ensure OWASP integrity and reduce liability. These events also frequently will require both OWASP Staff and community review and may take many forms.

Promotional Event

Promotional Events are where OWASP has paid or in-kind sponsorship in a conference that is hosted by another organization. This sponsorship may take the shape of a booth, hosted competition, lanyards, bags, fliers and other promotional items and may or may not be a strictly financial transaction. These events require additional scrutiny as OWASP has a very limited marketing budget, however it is important for community members to have the support to "get the word out" at other events.


The amount of planning, committee work, advance deadlines, etc., in part depends on the size conference you are planning. A general rule is to allow about a month for every 20 participants. For example, if you are expecting 200 attendees, you should begin to prepare at least 10 months in advance.

The general dates and time of the conference should be suggested by local variables as well as OWASP speaker availability. For example, it may not be a good idea to plan a conference in Wisconsin in January or Texas in August due to potential weather conditions. Check the OWASP conference schedule to make sure there are not any conflicting events. If you plan to invite out of town speakers, it’s best to arrange them months in advance. Good speakers and instructors are often booked up to a year in advance.

Consider the size and scope of your conference. Small groups can be hosted nearly any time. But larger groups will require housing, transportation, and food services that might conflict with other events. Make sure to check the local community events to ensure there will be adequate accessibility to these needs.

Having a cohesive, comprehensive plan for your event is key to the success of your event. While all plans change it is important to consider all of the elements listed in the following tabs when developing your conference planning package.

Once you have developed your plan submit it to the Global Conferences Committee for review and consideration.

Board Member Role

The OWASP Board will make every effort to have at least one OWASP Board Member in attendance at each AppSec conference. The Board Member will:

  1. Provide a keynote or other address on OWASP, our goals, vision, strategy, ethics, projects, membership, and progress. The goal is to introduce attendees to OWASP and our culture, describe membership program, attract contributors, and inspire people about the importance of application security.
  2. Ensure that OWASP principles and ethics are upheld in all aspects of the prosecution of the conference. In particular, ensure that OWASP’s brand is not misused by commercial entities.
  3. Provide logistical support and the ability to make quick decisions on the ground (within reason) without having a formal board meeting and decision process.
  4. Serve as a lightning rod for any issues, problems, suggestions or praise that anyone wants to provide about OWASP and bring them to the appropriate committee or OWASP Board.
  5. Assess the general operation of the local/regional OWASP organization, chapters, sponsors, leaders, and contributors. The goal is to use this information to strategize how to grow OWASP’s presence in the region and support the local leadership.
  6. Meet with local leaders from OWASP, government, vendors, and industry to get them to understand why application security is important and joining with OWASP makes sense.

Conference Liaison Initiative

As one of their 2011 initiatives, the Global Conferences Committee started a Conference Liaison Program, where a member of the committee is paired with each of the Global AppSec organizing teams in order to assist them with their planning process as well as attend the conference to help trouble shoot any issues and sign necessary paperwork.

The following duties were initially set forth for the GCC liaison:

The GCC member shall:

  • interface with the local planning committee at least 1 month before trip (attend planning call)
  • Interact with planners/attendees while at conference
  • Interact with Sponsors
  • Sign conference contracts under $20,000 (once approved)

At the GCC meeting following the event, the traveling member will be expected to provide an post trip report covering:

  • Assessment of facility
  • Event Marketing Strategy
  • Examination of Event Budget
  • Estimation of Speaker Quality
  • Sponsor engagement/cost-effectiveness & feedback
  • Any notable comments from planners/attendees
  • Any unique outstanding elements
  • Any issues

Event Name Event Location Date GCC Liaison Post-Event Report
AppSec EU 2011 Dublin, Ireland June 7-10, 2011 Ralph Durkee AppSecEU Liaison Report
AppSec North America 2011 Minneapolis, MN, USA Sept. 20-23, 2011 Mark Bristow AppSecNA Liaison Report
AppSec Latin America 2011 Porto Alegre, Brazil Oct. 4-7, 2011 Lucas Ferreira AppSecLatam Liaison Report
AppSec Asia 2011 Beijing, China Nov. 8-11, 2011 Lucas Ferreira AppSec Asia Liaison Report
AppSec Asia 2011 Beijing, China Nov. 8-11, 2011 Sarah Baso (GCC Admin) AppSec Asia Event Report*
AppSec Asia 2012 Sydney, Australia Spring, 2012 Mohd Fazli Azran AppSec APAC 2012 Event Report
AppSec Europe 2012 Athens, Greece July 9-13, 2012 John Wilander
AppSec North America 2012 Austin, Texas, USA Oct. 22-26, 2012 Lorna Alamri
AppSec Latin America 2012 Buenos Aires, Argentina Nov. 2012 Fabio Cerullo

Conference Committee

While there is no requirement to organize your conference's committee in any particular way, these structures have worked for successful conferences in the past. It's important to organize a conference committee as early as possible. It is recommended that you establish regular planning/reporting meetings and set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.

It is important that the conference committee be predominately comprised of a local team that is able to act locally to speed up and help in all activities related to the conference venue and local services. Planning a conference entirely from a remote location is a challenging job and is NOT recommended. Events without local support are unlikely to get Global Conferences Committee approval.

Conference Organizers

This should be a relatively small group (recommend 3) who are the core organizers of the conference. This group is the "executive leadership" for the conference. There is a tendency for one person to lead a conference, or for this group to be fairly large. experience indicates that one person is likely unable to handle all of the decisions that will be required for managing a successful conference while having too many causes the issue of inaction by committee. In the initial stages, these are the people who will be doing the heavy lifting while the rest of the committee comes into place. It's recommended that specific organizers be initially tasked into the following:

  • One of the principle organizers should be designated as responsible for the budget. It is important to reconcile any decisions with the budget as well as keep it up to date. Conferences are the lifeblood of OWASP's financial picture so it's important that they be managed well.
  • One organizer should be devoted to developing partnerships/sponsorship leads for the conference. It's important to determine if the conference will be partnering with any local organizations or governments up front and to manage that relationship. Additionally getting sponsorships early will greatly help keep the conference fiscally responsible
  • The last organizer should be devoted to facilities. The first step in planning a conference is to develop a contract with the conference facility. There are many things to consider while working this process and it requires dedicated attention. Please do keep in mind however that organizers may not sign contracts, only officers of OWASP (The Board) may obligate the foundation legally.

Functional Leaders

In the past it has been helpful to appoint functional leaders for the conference. These volunteers are typically assigned a specific area of responsibility to work in conjunction with the principle organizer's efforts.

  • Sponsors -- To augment the activities of the principal organizer assigned to this task, it's important to assign someone to sponsorships right away. This task will involve a lot of email, conference calls, and footwork and needs all the help it can get.
  • Security -- Checking credentials at the entrance to convention only areas and controlling access to convention events. There will be licensed security personnel onsite to handle and "real" security issues should they arise, volunteers are not expected to put themselves in any jeopardy as security staff.
  • Speakers -- Helping Speakers and Trainers get to and from their assigned areas, and making sure that they have the resources that they need to do their tasks. Will also interface with the facilities team if any facilities issues arise and need to be remedied.
  • Registration/Info Desk/Merch -- Helping run the registration and "Front Desk" functions of the conference. This may also expand to running an Information Desk functionality and/or helping sell merchandise.
  • Facilities -- Helping run the "behind the scenes" of the conference. This will mainly be overseeing the various contractors and vendors hired to provide services for the conference, and acting as a liaison between the convention center, contractors, exhibitors and the rest of the conference.
  • Volunteers -- Getting a small army is hard to do

Program Committee

You need a group of people to review the papers you will receive.

Good criteria to select Program Committee members include their involvement in OWASP activities (e.g projects, conferences, mailing lists). Selecting people already involved with OWASP helps choosing proposals that are aligned with OWASP's values.

Trainer Evaluators

You need a group of people to review the training proposals you will receive.

Good criteria to select Trainer Evaluators include their involvement in OWASP activities (e.g projects, conferences, mailing lists). Selecting people already involved with OWASP helps choosing proposals that are aligned with OWASP's values.

OWASP Resources

Remember that the foundation does have some personnel who can help with the conference planning. While it's important not to over-leverage these people, do include them as often as they can support as their insight and experience will be invaluable.


The OWASP Conference Budget Planning Tool has been developed by the Global Conferences Committee to assist in the budget planning process. The tool was originally designed for AppSec conferences but can be used for a conference of any size. When submitting a budget to the GCC, you are required to use this format.

Attendees should be expected to pay their registration fees in advance. This helps provide an accurate picture of the number who will attend because the attendees are more committed to attending. You can consider a slightly higher fee for late registrations or registrations onsite, if your food and facilities planning can handle extra last-minute registrations.

Your conference costs should be handled through the Foundation. Sponsorship funds, venue deposits, travel reimbursements, printing, etc will be managed for you. This allows you to focus more on the event content! Contact Kate Hartmann as soon as possible to get this set up. Don't minimize the importance of a detailed accounting of your conference funds. Setting things up right before you begin to receive registrations fees can make things a lot easier during and after the conference.

Things to Consider

  • Shipment of OWASP products will come out of the conference budget
  • Conferences are expected to provide travel for at least one board member
  • Be sure to budget for fliers, signage and schwag
  • To request general OWASP schwag/promotional merchandise, fill out the Google Form

Profit Sharing

Local host chapters will share in OWASP event profits under the following schedule. In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event. More detail can be found on the Global Conferences Committee Policies page.

  • Global AppSec Conference - 25% of event profits with a $5,000 USD cap ($10,000 for multi-chapter events)
  • Regional/Theme Events - 30% of event profits with a $4,000 USD cap
  • Local Events - 50% of profits with a $3000 USD cap


Obtaining sponsorship is essential to the success of your event. Without financial input from vendors to cover costs of food, venue, giveaways, and everything else, your event will inevitably fail. The following document has been prepared to assist you in convincing vendors to give you money. Please tailor the document to suit your event and forward it to any and all potential sponsors.

It is important to have completed your budget early so you can correctly estimate the amount of sponsorship you will need.

Contact Mark Bristow or Sarah Baso if you would like assistance or have interest in selling one of our 2011 Global Sponsorship Packages.

If you plan to have an exhibit hall it must be easily accessible and must have adequate space to accommodate vendor booths. There may be costs associated with such a hall. Some facilities require that their own people set things up. Make sure you know what is included with any rental costs, and what you may have to pay extra for.

Make sure that there is adequate time for attendees to visit the exhibits and to talk with vendors. Directing breaks and snacks into the vendor expo will encourage participants to visit the exhibits. Depending on the benefits to the vendors, you may ask that they pay for exhibit space, or leverage their participation by asking them to sponsor one or more conference activities (reception, meal, etc.).


One of your very first items of business should be to reserve necessary rooms for plenary sessions, breakout sessions, classroom sessions, tech expo, breaks, receptions, and conference headquarters/registration.

Adapt your conference to the facilities you have available. For example, good plenary sessions can be better than breakout sessions that don't have adequate facilities. To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Try to keep conference costs down by using rooms that are free. Again, this may require some adapting or negotiating. Partnering with a local university is a great way to obtain free space.

A contract to secure your venue is critical. Only a member of the Board can enter into a contract on behalf of OWASP!!! Please forward contracts to be signed to Kate Hartmann for signatures.

Training rooms will require space to accommodate generally 10-30 students per class.


International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands on, social activities, and time for colleague interaction.

While is is acceptable to target individuals/companies to solicit content, in keeping with the OWASP value of openness, all Call for Papers and Call for Training must be open to all to submit. Calls for Papers or Training must be at a minimum announced on the conference Wiki page.


A general call for presenters should have a deadline that gives you ample time to recruit and to fill in gaps should you not get all the good proposals you need. Network with other members of your organization to identify people who might be invited to make presentations. Immediately after the deadline, begin organizing the conference schedule. Select the proposals you want to use and contact them to verify their availability. Create a tentative schedule, matching presenters to the facilities. You may want to lay out your schedule on a whiteboard, or use 3x5 cards on a corkboard so you can visualize how things fit together. Make sure you plan time for attendees to talk with each other, such as at breaks, before and after dinners, at receptions, etc.

Send a formal acceptance note to each participant, and ask them to confirm by sending an abstract (if you didn't get that as part of their submission) and submitting a request for any special equipment (AV, computer, etc.)

Also note that according to the standard OWASP Speaker Agreement, presenters must submit their presentations (in Powerpoint format) at least 60 days prior to the conference. Submissions should be uploaded to OWASP Presentations after the event.

Consider a CFP system to manage submissions such as EasyChair (it is free), or OpenConf (free and pro-version)

Additionally, each OWASP Conference is required to solicit a board member to provide a welcoming or keynote address. This shows foundation endorsement of the local team ensures a consistent OWASP message.


If you are offering training at your event the Call For Training proposal template should help you issue a call for training. While you are welcome to target training organizations, remember to ensure that the call for training be publicly available so that all my propose classes.

Training revenues are to be split 60/40 with 60% of the revenue going to OWASP and 40% going to the trainer. OWASP will provide the facilities, promotion, A/V equipment, and refreshments for all training. Trainers are responsible for travel/accommodations for the training staff, all training materials, and promotion of the training.

All training during OWASP Events must be OPEN TO THE PUBLIC. OWASP and the Trainer may set aside no more than a combined 10% of the available training slots for their own use. Setting aside of training slots in all cases must be approved by the Global Conferences Committee

Audio Visual/Recording

This is another critically important part of the conference, especially in our technology-driven organization. You should assign a member of your committee to head this up since it's a demanding and time-consuming responsibility.

To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Determine ahead of time what portable equipment you have available, and whether you have to rent equipment. OWASP owns one projector that can be "loaned" out for events. Contact Kate Hartmann to arrange for the shipping of this and other items. When you confirm conference presentations, ask presenters to provide you with a list of equipment they need.


OWASP has several registration tools available to use. Currently we utilize the RegOnline registration system for larger, paying events. If your event is free of charge, but you require an RSVP for space restrictions or food, please contact Kate Hartmann to review registration options for free events.

Registration Distribution

OWASP Conference Registration Distribution over time.
OWASP Conference Registration Distribution over time.

The following data was taken from several larger OWASP conferences to demonstrate how registrations are typically distributed over time.


Promoting your conference begins as soon as you have selected a conference site and date. All OWASP Branded Events/Conferences are required to have a presence on the OWASP Wiki. You are also welcome to register an external web address (preferably in the .org tld) to help market and promote your event so long as the site links back to the OWASP Wiki (main page or event page) in some way. You are however required to keep the Wiki page up to date and current as the primary source of information for the event, any external resources are secondary sources of information. Post the date and location on the OWASP wiki. Make sure to review pages for other conferences for great ideas and to allow for continuity in page style.

  • To request general OWASP schwag/promotional merchandise, fill out the Google Form

The first wave of publicity comes with the call for presentations.

The next wave comes as you send out the conference announcement, with as much detail as you have, including a tentative program. This is important if you want to convince people they should come. Set a registration deadline that accounts for your own deadlines (food services, etc.) You may have to consider a higher fee for those who are late, especially if that really does incur additional costs for you.


Conference organizers are welcome to negotiate with local newspapers, trade magazines, and other media to help promote the event. OWASP prefers to establish "in kind" agreements with media for promotions but in the past, paid advertisements have been used where appropriate. If you have any questions or concerns please ask the Global Conferences Committee

Design Components

In designing your own Powerpoint templates, tshirts, bags, badges, banners, flags, carpets and what have you, find the original vector graphic of the OWASP logo (in EPS and AI formats) here. Please do share them with the other conference chairs!

The Resources tab has additional resources for assisting in promoting your event.

Conference Materials

At a minimum, you need to provide some sort of printed program. For most conferences, the following is usually adequate: a simple folder with program, maps, lists of local restaurants and attractions, a name tag, and writing materials (pen and pad). For larger, conferences you may want to include a conference bag that includes OWASP books or handouts. Be sure to allow ample time for printing and shipping of OWASP materials. International shipping can take several weeks.

  • To request general OWASP schwag/promotional merchandise, fill out the Google Form

Name Tags

If you plan properly, you should be able to generate name tags to be printed from your conference database program. If you process your registrations through the OWASP office, they can create your nametags.

Keep the name tag layout simple: a small conference logo or title, the person's full name in LARGE, readable letters, and the person's institution. Don't make people squint to read names on name tags.

The actual type of name tag (paper stick-on, pin on plastic case, hang-around-the-neck, etc.) depends on your preferences and budget. If you do provide stick-on tags, you may want to generate at least one tag for each day of the conference since they won't be able to reuse the tags. If you use plastic badges, you can invite attendees to recycle them at the end of the conference.


Well-planned meals and snacks are critical to a successful conference. Consult with your venue food services, or with a local caterer, determine what is needed, and what it will cost. Let food services or the caterer do the work.

Be sure to negotiate food services in such a way that you are not liable for food costs beyond what you can cover through conference fees. Usually food planners will allow up to 10% more people than you contract for (e.g., for late registrations), but be sure this is clear up front.

To reduce costs, seek sponsors for specific meals where possible. Some larger vendors are happy to get the publicity that comes from sponsoring a breakfast, lunch, reception, or even a dinner. In any case, it doesn't hurt to ask. If the sponsor desires it, let the sponsor choose the caterer and take care of the arrangements.

For small conferences, many if not most of the meals can be left up to the attendees. Be sure to provide a good list of local eateries. Include information about which are within walking distance, which are not, and how to get to those that are not.

Strategically scheduled snack breaks, with drinks and fruit or cookies, can add a touch of class to your conference. These don't usually cost too much, and can be covered by registration fees. Don't skimp on the time allotted for breaks, since attendees will want to network and will take the time anyway. Be sure to take care of all the caffine junkies in the crowd. If possible, try and arrange for a pre event tasting. You don't want people remembering your event for the bad coffee or sandwiches.

Be sure to allow for special dietary considerations. Always offer some vegetarian options for your meals.

Social Events

After a long intensive day of speakers and/or training, a more casual opportunity for networking will be welcomed by most all attendees. Depending on the size and location of your event you may want to consider one or several of the following options:

  • OWASP "meet up" at a local pub
  • OWASP gala dinner
  • Corporate sponsored party
  • Guided site seeing tours
  • Group outing to a sporting event

In many cases you can include an optional fee to be paid to cover the costs of the event. In the case of a corporate sponsored event, the sponsor would cover the costs. Very often, however, an informal yet organized (planned) evening at the pub will be sufficient to facilitate networking among conference attendees and speakers.

Be sure to remind everyone at the end of the last talk for the day of the location of the gathering, the cost (if any), and the start time for the next days speakers.

Whatever you plan, however, be sure to include some free time for people to do things on their own.


Your conference venue usually has maps and travel information on how to get to the location. If there aren't adequate limo or shuttle services to your venue from the airport, you may need to make your own arrangements.

OWASP on the MOVE funds are not to be used for conferences or events. If you are planning on covering ANY speakers travel and/or accommodations, be sure to plan for this in your event budget.

Visitor's Guide

All global conferences that will attract a substantial international audience should create a city Visitor's guide. A great example of a visitor's guide was put together by the AppSec Research 2010 teamThis guide should include sections like:

  • Country Overview
    • Common Languages
    • Money
    • Tipping and Haggling
    • Local Customs
    • Special Events during the conference
  • Transportation to Event
    • Taxi Company Phone numbers and estimated prices
    • Buss or Mass Transit information, schedules, and prices
    • Directions on how to get to conference site WITH PICTURES (It's recommended you walk from the major transportation hubs and take pictures along the way)
  • Host City
    • Local points of interest
    • How to get around the city (metro/bus maps)
    • Bars near the event


If you plan on a regional or international event, it is considerate to negotiate a discounted room rate with a local hotel. In many cases, if you event is at a hotel, they will happily give you greater than 50% discount on rooms. If your event is at another type of venue (convention center, university campus, corporate building) there are often referral relationships between the venue and nearby hotels. Be sure to ask you coordinator.

When reserving your room blocks take into consideration the number of out of town speakers and guests you are expecting and how many room nights will be required. Be sure to avoid commitment for the unsold rooms. The hotel wants to get paid of course. Be sure that the hotel will not hold OWASP responsible for unbooked rooms.

Access to any/all of these resources must be first pre-coordinated with the Foundation via the OWASP Conference Management System (OCMS). All requests for assistance need to go through this system for review and approval.


OWASP Registration System - OWASP is now using an event interfaceOfficial OWASP Event registration system for ALL OWASP events (Conferences, Events and Chapter Meetings) contact us for more information.

Pre-Negotiated hotel contracts


  • Table top tripod (4)
  • 1.8 m SVGA Cable
  • 2m cable video DVI/HDMI (2)
  • MacBook air micro-DVI to video adapter
  • Motorola radios (10)
  • Net gear N150 wireless USB Adapter
  • Preferred US rental provider: CRS


To request general OWASP Promotional Materials, fill out this Google Form.

via Free OWASP Banner Ads

via Articles and mentions in the OWASP Newsletter

OWASP Event Calendar

via OWASP Twitter Accounts (@OWASPConference, @OWASP)


AppSec Sample Conference Wiki Page

Web Presence/Social Media

Region URL(s) Twitter Emails
URL .org .com
AppSecAsia X X
AppSecAsiaPac X X
AppSecAsiaPacific X X
  • AppSecAsia
URL .org .com
AppSecEU X X
AppSecIreland X X
  • AppSecEU
Latin America
URL .org .com
AppSecLA X X
AppSecLatinAmerica X X
AppSecSA X X
AppSecSouthAmerica X X
AppSecLatam X X
  • AppSecSA
North America
URL .org .com
AppSecNA X X
AppSecNorthAmerica X X
AppSecUS X X
  • AppSecNA
  • AppSecUS
  • AppSecUSA


OWASP Video Cameras

OWASP Currently owns 5 sets of consumer grade video cameras (Canon VIXIA HF M300), tri-pods, memory cards, and audio connection equipment. For examples of the video taken from these cameras see the AppSec DC Vimeo stream. The cameras can shoot HD Video and have an audio input jack for taking in a house line. The system also has a QNAP TS-459 PRO network attached storage device that can be used for on-site reliable storage and backup of the video.


  • Turbo NAS TS-459 pro (for on-site redundant storage)
  • Seagate Barracuda 1.5TB Hard Drives (for NAS)
  • Final Cut express
  • In Each Camera Kit
    • Canon VIXIA HF M300
    • 8 Kingston 16 GB Class 4 SDHC Flash Memory Card
    • Pelican 0910-010-110 Secure Digital Memory Card Case
    • AVerTV Hybrid Volar HD (enables streaming via a computer)
    • Current converter
    • 60" Tripod

Contact us for more information.

Video Editing/Post Processing via IEHD Productions

File:IEHD - OWASP Video Production Services.pdf Full proposal from IEHD contact or Mark Bristow for more information

Service Name Description Rate
Basic Post-Production
  • Basic Editing (trimming the "fat" from the beginning/end of the video)
  • Removing any artifacts from the video/audio leveling
  • Trans-Coding to MPEG4 or other suitable format for online video
  • Upload to a online account Vimeo et all (OWASP Provided Acct)
  • Adding OWASP/Conference graphic watermark
  • Adding intro/end slides with basic presentation details
$40.00 per finished presenter of approx. 60 minutes with no minimum
Full Post-Production
  • Basic Post Plus....
  • Inter splicing slides from various formats not limited to .ppt, .pdf, .odp

and other key sources. (client provided notations for slide transitions)

$60.00 per finished presenter of approx. 60 minutes with no minimum
On site Video Production
  • One HD 3 chip camera per room/track with operator & fluid head tripod
  • Audio setup to camera from podium or mixer
  • Obtaining presentations from speakers if not provided previously
  • Notating of time code for slide transitions
  • First Track: $1,100.00/day
  • Each Additional Track: $550.00/day
  • + any travel outside Southern California

Completion/turn around model 30+ speakers with production and/or post production is 4-6 weeks with projects uploading starting second week after conference end. Smaller or larger conferences/projects are adjusted accordingly.

Budget Management

Conference Budget Planning Tool


Sponsorship Document

OWASP Global Conference Sponsors

Institutional knowledge about past sponsors and sponsorships

Presentations and Training


Speaker Agreement

Presentation Template.

Call For Papers Template

Call For Training proposal template.

Training Instructor Agreement


To request general OWASP Promotional Materials, fill out this Google Form.

Event planners are welcome to use any vendor that they feel can provide appropriate items for their conference. However OWASP has relationships with the following vendors that can ease the process.

Konik - Preferred SCHWAG Vendor

Rocksports - Preferred apparel Vendor

OWASP Store - Merchandise for sale at conferences

These are the requirements imposed on any event using the OWASP brand. All Events must be coordinated with the Global Conferences Committee and receive their approval. Event requests can be submitted via the OWASP Conference Management System (OCMS)]. If you do not have an account, you can signup for an OCMS account here, please use an email address if available.

If you have questions or require an exception to any of these please contact the OWASP Staff.

Comprehensive tracking of committee votes was not started until January 2011, policies with an NA entered into the "votes" column were conducted before this policy was implemented. Although the Global Conference Committee was retired effective April 1, 2013, the policies established by the committee remain in full effect.

Policy Rationale Last Updated Applicability Votes
All content must be vendor neutral OWASP Core Value N/A All Events - Core Value N/A
All content must be made available to the public after the conference OWASP Core Value N/A All Events - Core Value N/A
All calls for papers, training and registration must be open to the public OWASP Core Value N/A All Events - Core Value N/A
All events must be conducted in a manner consistent with the OWASP Mission, Principles and Code of Ethics OWASP Core Value N/A All Events - Core Value N/A
OWASP Event Definitions These definitions were established to define the different categories of OWASP events to support OWASP GCC Planning and Policies. 2010/12/22 All Events Vote Thread
OWASP Event Requirements These definitions were established to define requirements imposed on individual events by type. N/A All Events N/A
Local host chapters will share in OWASP event profits under the following schedule. In the case of multiple host chapters, the host chapters will be responsible for determining the division before the event. Policy Document
  • Global AppSec Conference - 10% of event profits up to Profit Goal set in annual Foundation Budget ($10,000 for multi-chapter events), 40 % of event profits in excess of Profit Goal. No profit cap.
  • Local and Regional Events - 90% of event profits. No profit cap.
In addition to the Membership Committee membership split that provides funds to local chapters, it is also appropriate to allow local chapters to leverage the hard work that goes into planning events as additional revenue streams. The board considered weighing the needs of the OWASP Foundation, Local Chapters entrepreneurship, the desire not to create "haves and have not" chapters within OWASP in addition to many other factors when setting this policy. 2014/09/26 All Events Board Voting Record
All Events must be coordinated with the Global Conferences Committee and receive their approval These ensures coordination of event schedules, content and budget priorities N/A All Events N/A
Events must have an OWASP Wiki Page The Wiki remains the authoritative source of OWASP information N/A All Events N/A
Only OWASP Board members or their designates may enter into contracts on behalf of the foundation Required by the OWASP By-Laws N/A All Events N/A
All finances must be handled by the OWASP Foundation unless exceptions are granted by the Global Conferences Committee This ensures the central management of Foundation resources for activities occurring under the OWASP Brand N/A All Events N/A
Free admission should be made available for OWASP Leaders, Committee and Board members OWASP Board Decision N/A All Events N/A
OWASP individual members in good standing shall receive $50 off admission to all OWASP events charging more than $50 entry fee. OWASP Membership Perk N/A All Events N/A
A complete budget must be submitted and approved by the Global Conferences Committee It is the responsibility of the Global Conferences Committee to ensure that OWASP Foundation resources are appropriately managed as it relates to OWASP conferences. This requirement ensures GCC visibility into conference expenditures and allows the GCC to assist where appropriate. N/A Regional/Theme Conferences N/A
A board member must be present at all OWASP AppSec and Regional Conferences to provide a welcoming statement OWASP Board Decision N/A Regional/Theme Conferences N/A
Global AppSec Conferences must include training As the flagship events for OWASP Global AppSec Conferences must also have a training component. N/A Global AppSec Conferences N/A
Global AppSec Conferences must charge an admission fee Global AppSec Conferences are large expenditures for the OWASP foundation. In order to ensure that the foundation can recover some or all of these costs, an admission fee must be charged. N/A Global AppSec Conferences N/A
Sessions must be recorded and posted to the public after the conference As the flagship events for OWASP Global AppSec Conferences must also provide video coverage and post it post conference. See the [Global Conference Resources] for information on additional resources. N/A Global AppSec Conferences N/A
There must be at least one networking event at the conference As the flagship events for OWASP Global AppSec Conferences must have a networking event. N/A Global AppSec Conferences N/A
All Training providers are required to sign a Training Instructor Agreement Clearly outline responsibilities and provide some legal cover for the foundation. N/A Training N/A
Training revenue will be split 60/40 (OWASP/Training Provider) GCC has set what it considers a fair policy in order to share training profits with training providers N/A Training N/A
Free training should be made available for OWASP Leaders. This must be included in the Training Instructor Agreement Board Policy N/A Training N/A
Speakers must sign a Speaker Agreement The allows OWASP to use the speaker's materials as well as their likeness as well as set some boundaries for content. Electronic signatures are permissible. N/A Speakers N/A
Speakers will not receive compensation for their speaking engagement This policy allows OWASP to keep admissions costs low so that OWASP can help spread knowledge of application security issues to the widest audience. Exceptions to this policy may be granted in certain cases so contact the Global Conferences Committee if you need an exception. N/A Speakers N/A

Co-Marketing of Event Contract Sample

The <External Organization> Provides:

  • A Vendor Table in Vendor Area
  • OWASP Logo and Link on RSS Web-site
  • OWASP Logo and description in the Event Guide
  • Opportunity to provide an OWASP Banner in conference room
  • Tickets for 2 OWASP Speakers mutually approved by OWASP and <External Organization>
  • Software Security Track Chair
  • Monthly status update emailed to the OWASP Global Conferences Committee Chair ( including
    • Current number of people registered for event
    • A budget update including all revenue and expenditures relating to the event

The OWASP Foundation provides:

  • OWASP Promotional Materials for the provided table
  • Marketing of Conference
    • Notification to OWASP members and constituents about special discount code to attend <EVENT>. The event will provide 50-100 words of text and link describing offer; OWASP will transmit within any newsletter, via email notification and/or other methods as approved by OWASP
    • Event banner in OWASP banner rotation on main page for 90 days prior to the event

Co-Hosted Event Contract Sample

The <External Organization> Provides:

  • A Vendor Table in Vendor Area
  • OWASP Logo and Link on RSS Web-site
  • OWASP Logo and description in the Event Guide
  • Opportunity to provide an OWASP Banner in conference room
  • Tickets for 2 OWASP Speakers mutually approved by OWASP and <External Organization>
  • Software Security Track Chair
  • Monthly status update emailed to the OWASP Global Conferences Committee Chair ( including
    • Current number of people registered for event
    • A budget update including all revenue and expenditures relating to the event

The OWASP Foundation provides:

  • An active and contributing member of the conference executive committee present at 85% or more of the planning sessions, who will chair and moderate the Software Security Track.
  • At least 1 additional volunteer to assist on-site during the event, to be coordinated with the event volunteer coordinator.
  • Travel expenses for 2 well recognized OWASP speakers (topic and speaker mutually approved by Software Security Track Chair and OWASP)
    • Speakers must also sign the standard OWASP Speaking agreement
  • OWASP Schwag Give-aways for X attendees
  • X OWASP Lanyards
  • OWASP Promotional Materials for the provided table
  • Marketing of Conference
    • Notification to OWASP members and constituents about special discount code to attend <EVENT>. The event will provide 50-100 words of text and link describing offer; OWASP will transmit within any newsletter, via email notification and/or other methods as approved by OWASP
    • Event banner in OWASP banner rotation on main page for 90 days prior to the event

Payment Schedule:

  • All real costs incurred by the Event and OWASP shall be reimbursed prior to the distribution of any profits from the event. Real costs include expenses for schwag, Speaker Travel and Lanyards as well as any other costs not incurred in the course of supporting a booth at the event.
  • Should the event take a loss
    • 30% of losses shall be covered by the OWASP foundation, up to the amount of tangible goods provided
    • 70% Shall be covered by Event
  • Should the event make a profit (after real costs have been reimbursed)
    • 30% of profits shall be paid to the OWASP Foundation
    • 70% of profits shall be retained by Event

Historic Contracts

AppSec US Venue
AppSec Asia Event Management Agreement